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Abstract 


Internet Protocol version 4 (IPv4) is an internetwork protocol that is active at the internet layer according to the 
TCP/IP model, it was developed in 1981 within a project managed by Defense Advanced Research Projects Agency. 
In the following years, the use of IPv4 grew to dominate data networks around the world, becoming the backbone 
of the modern Internet. In this survey, we highlight the operation of the protocol, explain its header structure, and 
show how it provides the following functions: Quality of service control, host addressing, data packet fragmenta- 
tion and reassembly, connection multiplexing, and source routing. Furthermore, we handle both address-related 
and fragmentation-related implementation problems, focusing on the IPv4 address space exhaustion and explain- 
ing the short and long terms proposed solutions. Finally, this survey highlights several auxiliary protocols that pro- 
vide solutions to IPV, namely address resolution, error reporting, multicast management, and security. 
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Introduction 


In the 1970s, several independent data networks were 
being developed in the United States and Europe, each 
has its local protocols and characteristics.'! These net- 
works need to connect, in order to exchange data, thus, 
the question of internetworking was arising. In this con- 
text, the Internet protocol version 4 (IPv4) was devel- 
oped enabling networks to mutually exchange data 
blocks called the packets or datagrams. 


This paper is a survey on IPv4, its operations, and its re- 
lationships to other network protocols and services. 
The rest of this survey is divided as follows. First, we 
show a brief historical background on the origin of the 
protocol. Then, a general overview of the operation of 
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the protocol is carried out. Next, the protocol header 
and its structure are fully described. After that, a de- 
tailed section is dedicated to explaining the functional- 
ities of IPv4. This is followed by problems encountered 
after the protocol was implemented. Finally, the auxil- 
iary protocols section highlights major protocols and 
technology used side by side with IPvq. 


Historical Background 


After WW II was over, analog communication was dom- 
inating. To make a communication channel between 
two ends, a physical connection needs to be estab- 
lished, creating an electrical path that the data signal 
will follow. This operation requires switching efforts in 
order to allocate channels and maintain the electrical 
circuit close. The switching was taking place in the 
switching nodes, initially in manual methods and then 
automatically. This technology is referred to as circuit- 
switched telecommunication.!! 


In the early 1960s, Paul Baran, working at the RAND 
Corporation, was the first to observe the advantages of 
digital communications in terms of reliability and 


8 & 


throughput.) Later in 1964, Baran suggested a new 
method to create communication channels called 
the packet switching. Instead of using a central model 
where allocating, establishing, managing, and closing 
physical channels is managed in the core of the net- 
work, Baran suggested a distributed model with no al- 
located physical channels. As an alternative, Baran cre- 
ated a new concept to exchange data and call it the 
"Block message". According to Baran, network termi- 
nals create the block messages based on the need, and 
then send them into the network. Each message is 1024 
bits long and can include only text data. Baran sug- 
gested that terminals add information to the data to be 
sent, including a code for the message source, and the 
destination address as well as indicators for the start 
and the end of the message (Figure 1).!5! The additional 
information was called: Housekeeping information. In 
the following years, the block message and the house 
keeping information were to become the data packet 
and the header respectively." 


The development of packet switching technology in the 
1960s was the first major step towards Internet Proto- 
col (IP). In a packet-switching network, digital infor- 
mation is carried in small chunks called packets, each 
of which contains a fixed number of bytes. From its 
source to its destination, sending one packet is totally 
independent of sending other packets sharing the same 
channel.'7! 


In 1973, Louis Pouzin created CYCLADES, the first 
packet-switched network that successfully adopts the 
concept of datagram for the first time in the history of 
data networks. According to Pouzin, a datagram con- 
tains all the information needed to define its source and 
the final destination."! Based on that, data networks 
started to support connectionless channels instead of 
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Figure 1 | The block message as proposed by Paul Baran in 
1964. 


Sender Text 


the traditional connection-oriented telecommunica- 
tion channels. In the connection-oriented mode, prede- 
termined channels that connect the source of the data 
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with its destination are needed, and establishing these 
channels is mandatory for data transmission to become 
possible. On the other hand, in the connectionless- 
mode, packets are routed based on source and destina- 
tion addresses carried by the packets themselves. The 
datagrams were "eagerly embraced" by the designers 
of the early Internet, and this resolution had deep ef- 
fects on the development of the other network proto- 
cols.!9! 


In 1974, a paper titled "A Protocol for Packet Network 
Interconnection" was published by Bob Kahn and Vint 
Cerf."°! This paper marks the starting point of the time- 
line shown in Figure 2, it describes a transport protocol 
to be activated between hosts in a packet-switching 
network. The suggested protocol provides several ser- 
vices related to data packets including flow control, 
process addressing, and end-to-end error checking. The 
protocol was called Transmission Control Program 
(TCP) and it was described in a specific Request for 
Comments (RFC) which has the codename 
"REC 675",f] 


Later, the functions of the program were divided into 
two separated protocols: Transmission Control Proto- 
col (TCP)! and IP. The two protocols were developed 
within a project supported by the Defense Advanced 
Research Projects Agency (DARPA). Regarding IP, be- 
tween 1977 and 1979, several experimental versions of 
the protocol were released. During this period, 
many Internet Experiment Notes (IENs) that describe 
the IP versions before the official standard were re- 
leased: 


e IEN2, dated: August 1977, titled: "Comments on 
Internet Protocol and TCP". it showed the need 
to divide functionalities of the transmission con- 
trol program into two separate protocols. In 
three years, the two protocols will be IPv4 and 
TCP. IEN2 also proposed the first version of IP 
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Figure 2 | Timeline for the development of the Transmission Control Protocol and Several versions of the Internet Protocol. 


and used a version number equal to o to identify 
it in the protocol header. [133] 

e IEN 26, February 1978, "A proposed new internet 
header format". It described version 1 of the pro- 
tocol (IPv1).!4! 

e —IEN 28, February 1978, "Draft Internetwork Pro- 
tocol Specification version 2". It described ver- 
sion 2 of the protocol (IPv2)./5) 

e EN 41, June 1978, "Internet Protocol Specifica- 
tion version 4"". This was the first IEN to de- 
scribe IPv4, however, the header structure was 
different from the current protocol."© 

e IEN44, June 1978, "Latest header format". It 
summarized the edits on the header protocol re- 
ported in IEN41."7) 

e EN 54, September 1978, "Internetwork Protocol 
Specification version 4". This note included a de- 
scription identical to the structure adopted later 
by the official standard of the protocol.!®! 


Later in 1980, IEN 128 was given the code 
name RFC 760 to become the first RFC dedicated to the 
internet protocol."9!In September of the next 
year, RFC 791 was published under the title: "Internet 
Protocol" (Figure 3). Since then, it is the official stand- 
ard of IPv4. Inthe next two years, the protocol had been 
gradually adopted in the United States, and ended as 
the main internetwork protocol in ARPA network start- 
ing from the 1° of January 1983. 201/22) 
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Internet Protocol version 5 (IPv5) was developed under 
the name: "Internet Stream Protocol", but it did not ex- 
ceed the experimental stage.!?7! Additionally, between 
1988 and 1993, when |Pv4 address space was being rap- 
idly exhausted, anew version of the protocol was devel- 
oped as a response, it was arbitrarily named IPv7 as its 
developer stated. However, the project was completely 
abandoned by 1993.72! 


Internet Protocol version 6 (IPv6) is the successor of 
IPvq4. It is essentially developed to answer the IPv4 ad- 
dress space exhaustion problem. Whereas an |IPv4 ad- 
dress is 32 bits long, providing a space that includes 
4,.3X109 addresses only, an IPv6 address is 128 bits long, 
supplying 3.4x102° addresses. IPv6 was firstly described 
inRFC 1883.%4] Then, many modifications were in- 
cluded and a new standard was released in 1998 under 
the code name RFC 2460.25! 


RFC: 791 


INTERNET PROTOCOL 


DARPA INTERNET PROGRAM 


PROTOCOL SPECIFICATION 


September 1981 


Figure 3 | The first page of IPv4 standard (RFC 792). 
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Lastly, in 2017, RFC 8200 was issued to cover amend- 
ments made in the past 20 years.° Although its ad- 
dress space is exhausted and it is, slowly and surely, re- 
placed by IPv6, Internet Engineering Task Force 
(IETF) intends to continue fully maintaining and sup- 
porting IPv4 as well as continuing the promotion of IPv6é 
encouraging people to use it.!77! 


On 1 April 1994, IETF published an RFC confirming the 
development of IPvg. However, it was an April Fool.!°! 


Operation 


Implementation 


The main objective of the internet protocol is to allow 
applications, running in nodes, to exchange data pack- 
ets via the network. In order to run IPv4, each node 
must support an IP module at the network layer of 
its protocol stack. Figure 4 shows the position of the 
network layer in the TCP/IP model, where it is located 
under the transport layer and above the data link layer. 
When an |Pv4 node is sending data, the IP encapsulates 
the Protocol Data Unit (PDU)coming from the 
transport layer and passes the results to the data link 
layer. When the node is receiving data, the IP module 


TCP/IP 
/ Network node 
model 
Application Application protocols 
layer 
Transport 
layer 
Internet 
layer 
Data link 


Ethernet 


layer 


Network cable 


Figure 4 | Basic TCP/IP network node. 


accepts PDUs of the link layer, then, the module de- 
cides which protocol will be the next to process data, ei- 
ther one of the protocols in the transport layer or an- 
other protocol running in the network layer. In both 
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cases, the IP decapsulates the PDU, removing the IP 


header, then, delivers the result to the next proto- 
col, [2911301 


If two nodes, referred to as data source and destination, 
are using the same link protocol, they can exchange 
data packets directly. However, if the source uses a link 
protocol that differs from the link protocol used in the 
destination, then, a device supporting the two link pro- 
tocols is needed. This device is called the gateway, and 
it is used to forward the packet from the source to the 
destination.3"! To achieve that, the gateway has a sin- 
gle IP module that connects with the two nodes via two 
different link modules. In this case, the IP module will 
have two IP interfaces, each will be numbered accord- 
ing to the IP address subspace used in the network 
where the corresponding node is located.57! Figure 5 
shows the model of the network where IPv4 was first 
implemented, it is called the Advanced Research Pro- 
jects Agency NETwork (ARPANET). In Figure 5, two 
hosts are connected via a gateway, each host supports: 


1. TCP asa transport protocol to provide host-to- 
host communication via a virtual channel. 

2. IPv4asaninternetwork protocol to provide host- 
to-gateway communication. 

3. Two different link protocols, namely LN1 and 
LN2, each active in a separate segment of the 
network. 


Functionalities 


From a functionality perspective, IPv4 belongs to a fam- 
ily of network layer protocols called the internetwork 
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Node-to-gateway | | Node-to-gateway 


Node-to-node 


Figure 5 | ARPA model for a transmission path between two hosts and a gateway. 


protocols.'#!33! Of this family's functions,4 |Pv4 pro- 
vides: 


e A mechanism to determine the Quality of Ser- 
vice (QoS) needed for each data packet sepa- 
rately. 

e A space of digital addresses and its structure, 
each of which is called an internet address. Any 
entity in the network that supports IPv4 needs to 
host at least one IP address, thus, it is called a 
host. This functionality is called addressing, and 
IPv4 supports two types: classful and classless. In 
the classful addressing, the address space is di- 
vided into a set of groups that includes a prede- 
termined number of addresses, each group is 
called a class. Addresses that belong to the same 


A mechanism to multiplex data from different 
applications together at the packet source and to 
demultiplex them at the destination.'37! 

An optional function to provide source routing. It 
is a routing mechanism that provides the source 
of the packets with the ability to determine an 
optional or mandatory route for the packets they 
create. If this function is used in the optional 
mode, the routers are recommended to use the 
route specified by the source. If it is used in man- 
datory mode, the routes must forward the 
packet in the route specified by the source. If this 
is not possible, the packet must be discarded. 3"! 


The previous functions will be discussed in detail in the 
functions section below. 


class share the same structure. On the other IPv4 has limitations, it cannot provide the following in- 
hand, in the classless addressing, there are no _ ternetwork-related functionalities: 


specified-length classes, and the address space is 
divided flexibly as needed. 35! 

e Fragmentation and reassembling. If the node is 
sending data, IPv4 can fragment it into smaller 
pieces if needed. The same process can take 
place in any router that handles the packets on 
the way to their destination. Fragmentation hap- 
pened when a packet's length is greater than 
the Maximum Transmission Unit (MTU) of the 
next network where the packet is to be routed. 
On the contrary, the reassembling can only be 
done at the final destination. the process aims to 
reconstruct the original data packet as it was be- 
fore the fragmentation.2°! 
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IPv4 does not provide host auto-configuration. 
The configuration of hosts' IP addresses can be 
achieved either manually or automatically 
through a dynamic configuration proto- 
col,82! such as Dynamic Host Configuration Pro- 
tocol (DHCP)./4°] 

If the packet's path includes more than a gate- 
way, IPv4 is not able to route data packets alone. 
In this case, a routing protocol is needed to ex- 
change routing information between gateways, 
thus, paths between IPv4 hosts through the net- 
work can be established. 47! 

IPv4 does not provide a reliable data transfer ser- 
vice because it uses connectionless channels. If 


an error occurred while transferring data pack- 
ets, the lost data cannot be restored. However, 
reliable transport protocols, such as TCP, can be 
used above IP to provide reliable data transfer- 
ring service using connection- 
oriented channels. !4?! 

e —|Pv4 does not have any kind of flow control." 

e |Pv4 does not have any built-in security mecha- 
nisms. [43] 


Header Format 


IPv4's PDU is called a packet, it consists of 
a header and data payload. The header length varies 
between 20 and 60 bytes, and the payload length can 
grow up to reach around 65 thousand bytes.!#4! 


Header fields can be classified into two types of fields: 
permanent and options. The length of permanent fields 
is 20 bytes. An IPv4 packet might include no options, 
however, if it has any, their maximum allowed length is 
40 bytes. The structure of the IPv4 packet is shown in 


Figure 6./45! 
t) 4 8 16 31 bit 
Version| IHL TOS Total length 
Identification Flags Fragment offset 
TTL Protocol Header checksum 20 
bytes 
Source address 
Destination address 
Z Options Z aa 
Up to 
Z Data 7 > 65515 
bytes 


Figure 6 | Data packet structure for IPvq. 


Permanent Fields 


IPv4 header contains 12 permanent fields, its structure 
is displayed in Figure 6. In the following, there is a brief 
description for each field:!4°! 


e Version: the length is 4 bits, and the value of this 
field is always set to 4 in all IPv4 packets. 

e Internet Header Length (IHL): 4 bits, it deter- 
mines the end of the header and the start of the 
payload. The value represents the number of 32- 
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bit (4 bytes) words in the header. The minimum 
acceptable value for this field is 5, which corre- 
sponds to the minimum header length 
(20 bytes). 

e Type of Service (ToS): 8 bits, it contains a code 
used to describe the QoS needed while the 
packet passes via the network. The parameters 
used to configure QoS are the precedence, delay, 
throughput and reliability. The structure of this 
field was first defined in the RFC 791, then a new 
structure and mechanism to describe QoS was 
introduced inRFC 1349,47 and later in 
RFC 2474./48) 

e =Total Length: 16 bits, it defines the length of the 
packet in bytes. The maximum allowed value is 
65535. 

e = Identification: 16 bits, it is used to uniquely dis- 
tinguish a packet and all its fragments resulted 
from the fragmentation. This field helps the pro- 
tocol module in the destination to detect all frag- 
ments, and reassemble them producing the orig- 
inal data packet again./49! 

e = Flags: 3 bits, this field contains one reserved bit 
always set to zero and two flags: Don't fragment 
and more fragments (Figure 7). The first flag is 
used to prevent fragmentation under all circum- 
stances (when set to 1). The second flag is used 
to distinguish the last fragment resulting from 
the fragmentation of a packet (if set to 1). These 
flags are only used if the packet was subjected to 
fragmentation. 


Res.: Reserved 0) 1 Z 


DF: do not fragment Res 


MF: more fragments 
Figure 7 | The structure of Flags field in the IPv4 header. 


e Fragment Offset: 13 bits, this field is set only if 
fragmentation is used. It contains the relative po- 
sition of the fragment to the start of the original 
data packet before fragmentation. The fragment 
offset field helps to reassemble fragments cor- 
rectly in the destination. The value of this field is 
equal to the real offset divided by 8. Thus, if this 
field contains 1, then, the real shift is 8 bytes. The 
maximum allowed value for the shift is 23=8192 
which represents 65536 Bytes.!5°! 


e Time To Live (TTL): 8 bits, it is set by the source 
of the packet, and contains the maximum num- 
ber of hops the packet can do. Each node pro- 
cesses the packet, such as routers and gateways, 
checks the value of this field first. If it is equal to 
zero, the packet is to be discarded. If not, the 
node subtracts one from the value of this field 
continues processing the packet. 

e Protocol: 8 bits, it is used by the IPv4 multiplex- 
ing mechanism. The field contains codes used to 
define the protocol that is going to process PDU 
next. The codes are standardized by Internet As- 
signed Numbers Authority (IANA).[52) 

e Header Checksum: 16 bits, it contains the output 
of the checksum algorithm that was applied only 
to the header fields. In the destination, the IP 
module recalculates the header checksum and 
compares it to the value of this field. If they 
matched, the header is not cor- 
rupted. RFC 791 explains the algorithm used to 
calculate the value of this field, '5#! it must be ap- 
plied to recalculate this field every time a change 
in the header is taking a place. For example, de- 
creasing the value of the TTL field. 

e Source address: 32 bits, it contains the IPv4 ad- 
dress of the sender of the packet which is called 
the packet source. 

e = Destination Address: 32 bits, it contains the IPv4 
address of the packet destination. 


Options 


IPv4 header might include facultative fields called the 
options. The existence of these fields within the header 
is optional, however, the support of the options is man- 
datory in all IPv4 implementations. There is no fixed 
length for the options field in an IPv4 packet, it might 
include no options, one or more with a maximum length 
of 40 bytes.!53! The options field must always end at the 
boundary of a 32-bit word. If this is not the case, the 
missed bits will be completed with padding bits.'%4! 


IANA maintains a standardized record of IPv4 op- 
tions.'55 All the options, except two, have a TLV struc- 
ture, Figure 8 shows this structure which includes three 
fields:'53! 
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e Type: 8 bits, it consists of three subfields: 

o Copy flag: 1 bit, it is used with fragmentation 
to determine whether the option used is to be 
copied to all fragments (C=1) or not (C=0). 

o Class: 2 bits, it is used to indicate the function- 
ality of the option: (00)2for "control" or 
(10)2 for "debugging and measurement". 

o Number: 5 bits, it is a unique numerical value 
to distinguish each option. 

e Length: 8 bits, it contains the length of the op- 
tions field in bytes. 

e Value: variable length, it is specified by the type 
of the option. 


The two exceptions that do not follow the previous TLV 
structure are:!5°! 


e End of options list: 8 bits, (00):6, it is used to mark 
the end of the options field. 

e No operation field: 8 bits, set to (01):6, it sits in- 
between two options for the purpose of separa- 
tion, when the header has more than one option. 


IPv4 options are rarely used because they can be a basis 
for launching several attacks. !%7! 


N Byte(s 
1 1 Ne yte(s) 
Type Length Value 
a” 2 5 ..,, Bit(s) 
Class Number 


Copy flag 


Figure 8 | |Pv4 option general structure. 


Functions 


In this section, we discuss the following functions of 
IPvg4: 


Quality of service Control. 

Addressing hosts and groups. 

Data packet fragmentation and reassembly. 
Multiplexing and demultiplexing of the connec- 
tions of higher-layers protocols. 

5. Source routing. 


PWN 


fC) 


Quality of Service Control 


When IPvg is used, QoS is set using the ToS field in the 
protocol header, the original structure of this field is 
shown in Figure 9. RFC 791 had reserved three bits in 
the ToS field to determine the precedence of the packet 
that contains the header, and the standard defines 8 
codes for these bits, each refers to a specific level of 
precedence. In addition to that, the standard specified 
the OoS of services needed for each packet in terms of 
three elements: delay, throughput and reliability. The 
mechanism is implemented by reserving a bit for each 
element in the ToS field creating three subfields. For 
each element, if the corresponding bit is set to o, this 
indicates that the packet accepts regular delay, a nor- 
mal throughput and regular reliability respectively. On 
the other hand, setting these bits to 1 indicates the 
need for the low delay, high throughput and higher re- 
liability respectively. By choosing different combina- 
tions for the previously described bits, the protocol al- 
lows the making of a trade-off between the QoS ele- 
ments. |58! 


In 1998, Differentiated Services (DS) were introduced 
by defining a scalable architecture for classifying and 
managing data within the network.'59!!6°! Based on that, 
the ToS field was also restructured, merging together 
the previously mentioned subfields. As a result, the Dif- 
ferentiated Services CodePoint (DSCP) subfield was 
created (Figure 10).'°! DS depends on categorizing data 
packets into a specific number of classes and then tag- 
ging the packets with the class unique identifier. After 
that, the routers are to be configured to recognize the 
QoS needed for each packet based on the tag it carries. 
When DS is applied, the routers at the edge of the net- 
work classify the packets, while the core routers only 
process the packets, so that supporting OoS at the core 
of the network remains fast and simple.'°! 


The network, where the previous set of routers are 
found, is called the differentiated services do- 
main.!83! Any router in the DS domain handles each in- 
coming packet independently from other routers, and 
that is why this mechanism is called Per-Hop Behavior 
(PHB). Four standard types of router's behavior are de- 
fined: 64) 
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e Default Forwarding (DF) behavior, it is the choice 
selected by a router processing a data packet 
when no other behavior fits that packet. Sup- 
porting DF behavior is mandatory on all routers 
that support DS. When this behavior is selected, 
the value of the DSCP subfield is to be set to 
(00000)>. 

e Expedited Forwarding (EF) behavior, it is the be- 
havior corresponding to real-time applications 
such as sound and video. The provided QoS, 
when this behavior is chosen, satisfy require- 
ments of low delay, low jitter and low data loss. 
If this behavior is selected, the value of the DSCP 
subfield is to be set to (10110) 2!°5! 


QO. 1-2... 3 6 7 


Precedence 


Relibility Jun 


pa 
a 
eal 
BH) 
=] 
) 
gy 
pa 
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Figure 9 | The structure of the ToS field in the IPv4 header 
according to RFC 791. 
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Differentiated services codepoint 


Figure 10 | The structure of the ToS field in the IPv4 header 
according to RFC 2474. 


e Assured Forwarding (AF) behavior, it allows 
packets delivery as long as the data traffic does 
not exceed a specified threshold. If it does, the 
probability of discarding packets increases on a 
three-zone scale: low, medium and high. In order 
to provide users with configuration options, 
there are four different classes applies for each of 
the previously mentioned zones ending with a 
total of 12 possible levels to configure. Table 1 
provides a recommended set of values of the 
DSCP subfield for all the classes if the AF behav- 
ior is selected. !©° 

e Class Selector (CS) behavior, it provides a way to 
compatible support for the original ToS prece- 
dence subfield. If this behavior is selected, the 
value of the DSCP subfield is (bob1b2000)2, where 
bo, bs and b2 are the precedence bits respectively. 


Table a2 | Recommended codepoints for the AF Behavior (in 
binary)!®4 


Drop prece- 


ee Class1 Class 2 Class 3 Class 4 
Low 001010 010010 011010 100010 
Medium 001100 010100 011100 100100 
High 001110 010110 011110 100110 


Regarding bits 6 and 7 of the ToS, the two bits are used 
for the Explicit Congestion Notification (ECN), which 
was first described in 1999.'°7) When set to (11), the two 
bits provide a mechanism for routers to notify the des- 
tination that congestion currently exists in the network. 
Three other combinations of the two bits can be used 
by the data source as follows: (00). to indicate that the 
mechanism is not used, and (10): or (01)2 to indicate the 
use of it.!68 


Addressing 


IPv4 addressing is giving digital identifiers to IP hosts 
residing in a local area network or on the inter- 
net.'©9] The digital identifier is called an IP address, it 
may be used to uniquely distinguish a specific host, or 
to identify members of a group each of which is hosting 
that address at the same time." 


Structure development 


The structure of the addressing system was discussed 
early when |IPv4 was being developed. In 1973, Pouzin 
argued that the structure should allow 2-level address- 
ing: a short address that uniquely identifies the host 
within the local network and a long address that identi- 
fies the host within the whole network. this structure 
was based on the idea that a network might include 
thousands of hosts. Pouzin also proposed a format that 
includes a hexadecimal notation for addresses that can 
have 3 to 14 positions.’ Although the proposed format 
was not adopted later in IPv4, the 2-level addressing 
scheme was a core concept in the IPv4 addressing struc- 
ture. !721 


In the next year, Kahn and Cerf proposed the Transmis- 
sion Control Program (TCP). In the addressing section, 
the authors proposed a two-fields address structure: 
network (8 bits) and identifier (16). This structure allows 
only 28=256 unique networks to be able to connect to 
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the system, with a maximum of 27°=65536 hosts in each 
of which.7! Although this structure was modified later, 
the 8-bit length of the network part was adapted for 
IPv4. David Clark, in 1978, referred to this choice as a 
limitation for the internet growth writing the follow- 
ings: "We should thus begin to prepare for the day when 
there are more than 256 networks participating in the 
internet."!74! 


The initial version of IPv4, documented in IEN 123 (De- 
cember 1979) and later RFC 760 (January 1980), did not 
consider these concerns. Although it extended the ad- 
dress to include 32 bits instead of 24, the proposed 
structure has two fixed-sized fields: network (8 bits) and 
hosts (24).'75! However, by September 1981, when 
RFC 791 was released, the address structure was modi- 
fied to include 3 different modes called classes, hence 
the name classful addressing. The new addressing 
scheme allowed the following variation in lengths for 
network and host fields: (8,24), (16,16) and (24,8).!45] A 
detailed structure for the classes was illustrated in RFC 
796. W761 


IPv4 Address 


It is a 32-bit digital identifier, normally written Dot- 
decimal notation. However, it might also be written us- 
ing the Binary numeral system. The IP address is di- 
vided into four parts, each of which is 8 bits long, thus, 
it is called an octet. The enumeration of the octets 
starts with one, and the first octet includes the Most 
Significant Bit (MSB) (Figure 11).!77! 


When the dot-decimal notation is used, the IPv4 ad- 
dress follows the format: "#.#.4.#", where '#' repre- 
sents a numerical value in the decimal numeral system. 
Because each octet is 8 bits long and contains only pos- 
itive integers, the value in each octet varies between 
o and 255.'7ll791 For example, 10.0.0.1, 172.16.254.1 and 
240.0.0.9 are IP addresses written in the dot-decimal 
notation. 


IPv4 addresses can be represented using dot-binary no- 
tation, this can be done by converting the value of each 
octet from the decimal numeral system into the binary. 
For example, 10.0.0.1 can also be written as follows: 
00001010.00000000.00000000.00000001. Although an 
IPv4 address has two representation forms, the two 


CC) 


cannot be used together, thus, when written down, one 
notation must be used. 


Most 172. 16.254 .1 petted 
significant v ¥ ¥ 4 
Bis Binary 
aaa COUR ORD te ee aae Geedenes fuimberihé 


NY YY Ve 
1* 2°4 3e4 qh Octet's order 
Se aw 
no ae 
32-bit (4 bytes) 


Figure 22 | A diagram of an IP address (IPv4). 


IPv4 Address Space 


It is the set of all IP addresses. The space includes 23? ad- 
dresses, approximately 4.3 billion. Based on the value of 
the first octet, the IPv4 address space is divided into 
three smaller subspaces as follows (Figure 12): 


e Unicast address subspace: it covers 7/8 of the 
original address space and includes all addresses 
that have the first octet ranging between o and 
223, regardless of the values of the other octets. 
These addresses are used to identify unicast 
hosts in data networks, i.e., they can be used to 
as source or destination addresses in one-to-one 
transmission. The unicast address subspace was 
further divided based on the addressing method 
(classful or classless). Classful addressing is the 
original method described in the IPv4 standard. 
However, it was later obsoleted and replaced by 
the classless method due to the rapid exhaustion 
of IPv4 address space, the two methods are to be 
covered in the next section. 

e Multicast address subspace: it covers 1/8 of the 
original address space and includes all addresses 
that have the first octet ranging between 224 
and 240, regardless of the values of the other oc- 
tets. These addresses are used to identify mul- 
ticast hosts in data networks, i.e., they can be 
used to as destination addresses in one-to-many 
transmission. The unicast address subspace is 
also referred to as Class D.®°! 
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st 
1* octet >) > 


range 


0-127 Class A > 1/2 


128-191 Class B > 114 
192-223 Class C 118 
224-339 Class D Pe ae 118 
240-255 Class E y 16 
0 Unicast O Multicast B Experimental 


Figure 12 | IPv4 address subspaces. 


e Experimental address subspace: an additional 
address subspace was reversed for reasons, it co- 
vers the remaining 1/16 of the original address 
space, it is also referred to as Class E.[8) 


Addressing method 


As mentioned in the previous section, IPv4 address 
space is divided based on two addressing methods: 
classful and classless. The first was the original method 
and the later was adapted later to overcome the IPv4 
exhaustion problem. In this section, we discuss first the 
Classful addressing method, then, we present the class- 
less addressing method. The IPv4 address space ex- 
haustion problem is to be covered in the problems sec- 
tion. 


Classful addressing 


When the classful method was used, an IPv4 unicast 
address had the following structure (Figure 13):!°?! 


Reserved bits, which cover brsv bits. This field is 
used to define the function and the size of the ad- 
dress subspace! to which the address belongs. 
The reserved bits field starts from the address's 
MSB covering one bit at least, and extends to the 
right including up to 3 bits at most. 

Network identifier (NID), it is used to uniquely 
identify the subspace to which the address be 


bysy + Dyin + Dyip = 32 bits 


Bree Pauw Pye 
eee Network identifier | Host identifier 


Figure 13 | |Pv4 address structure used for unicast classful 
addressing. 


longs. All addresses that reside in the same sub- 
space have the same NID. Network identifier 
starts directly where the reserved bits end, its 
length, referred to as bw varies according to the 
number of resulted subspaces Nepc. The relation- 
ship between the two parameters can be mathe- 
matically written as follows: Nspe = 22NID, 


Host identifier (HID), which uniquely identifies 
the IPv4 host. The value of this field is unique in- 


Table 2 | Standard classes for IPv4 unicast addressing 
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buip varies according to the number of available 
addresses in the subspace Naar. The relationship 
between the two parameters is written as fol- 
lows: Nadr = 2PHID ff 


When the classful addressing method was used, the 
unicast subspace was divided into 3 classes, Class A, 
Class B and Class C. Table 2 shows the length of each 
part of the addresses, the number of subspaces (Nspc) 
and addresses (Naar) within each class. When the Inter- 
net was put to commercial use, the limited size of 
class C subspaces and the overwhelming size of class A 


subspaces led to rapid consumption of Class B sub- 
spaces and to the exhaustion of the IPv4 address space. 


Classless addressing 


The classless addressing was adopted in 1993 as a short- 
to-mid-term solution for the exhaustionIPv4 address 
space.!°4] when used, there are no classes nor specific 
predetermined volumes for the subspaces, i.e., sub- 
spaces can be created based on the need.'®5!8] When 
classless addressing is used, an IPv4 address will have 
the following structure (Figure 14):'°7! 


A prefix, which is shared among all the addresses 
belongs to the same subspace. It covers bps bits 
starting from the address's MSB and has no pre- 
determined length. Instead, it can extend longer 
in the address creating larger subspaces as 
needed. 


An HID, which starts from the end of the prefix 


1°* octet range 


Field’s lengths (bits) 


Class Binary Decimal spc Naar 
From To From To brsv bnip buip 
A 00000000 01111111 fe) 127 1 7 24 27 274 
10000000 10111111 128 191 2 14 16 2M p16 
C 11000000 11011111 192 223 3 21 8 28 28 


side each subspace. Host identifier starts directly 
where NID ends, its length, referred to as 
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Classless addressing requires a hierarchical addressing 
system, "®! which means that the address space, inde- 
pendently but subsequently, is being divided into 
smaller subspaces. At each level of the hierarchy, the 
prefix length increases at the expense of HID (Fig- 
ure 15). 


Because |Pv4 addresses are binary-based numbers, all 
the previously mentioned subspaces must always in- 
clude a number of addresses that is multiple of 2, i.e., 
the number of addresses with the subspaces is a mem- 
ber of the set {2,4,8,16,..., 2373.3) 


bor + Dyin = 32 bits 


Dorx bu 


Prefix << Host identifier 


Figure 14 | IPv4 address structure used for unicast classless 
addressing. 


No. of Newtwork k No. of equivalent classful 
hosts Sve uonn mas addressing network 


per Prefix | Dotted decimal Class A 
network | notation notation 


31 2147483646 nN 128.0.0.0 128 27 
30 1073741822 192.0.0.0 rid 
29 536870910 224.0.0.0 2% 
28 268435454 240.0.0.0 4096 
27 134217726 248.0.0.0 2048 
67108862 252.0.0.0 1024 
33554430 254.0.0.0 512 
16777214 255.0.0.0 
8388606 255.128.0.0 
4194302 255.192.0.0 
2097150 255.224.0.0 
1048574 255.240.0.0 
524286 255.248.0.0 
262142 255.252.0.0 
131070 255.254.0.0 
65534 255.255.0.0 
32766 255.255.128.0 
16382 255.255.192.0 114 
8190 255.255.224.0 118 
4094 255.255.240.0 41/16 
2046 255.255.248.0 : 1/32 
1022 255.255.252.0 | 1164 
510 255.255.254.0 ; 1/128 
254 255.255.255.0 i 11256 
126 255.255.255.128| 2° 1/512 
255.255.255.192| 2° 111024 
255.255.255.224| 2° 1/2048 
255.255.255.240| 2° 1/4096 
255.255.255.248| 2° 28 
255.255.255.252| 2° 24 


Figure 15 | Table for prefixes used in classless addressing, 
and their equivalents in classful addressing. 


No. of bits within the 


Prefix Host ID Class B | Class C 


el/N[olalalelrn|/a 
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Network Mask 


It is a 32-bit number associated with the IPv4 unicast ad- 
dresses. A network mask have the same 4-octet struc- 
ture as any IPv4 address and is written using the same 
notation systems.'°2! However, the mask has a special 
one-and-zero pattern: starting from its MSB, the mask 
includes only a sequence of ones, followed by a se- 
quence of zeros, and the sum of the lengths of the two 
sequences is 32 bits. In both classful and classless ad- 
dressing, the mask is used to detect the HID field of the 
corresponding network address. To doso, the bits in the 
sequence of zeros correspond to the HID field.!9%! 


For example, HID in a Class C network address is 8 bits 
occupying the 4" octet (Figure 11). The network mask 
that corresponds to this address is 1111 1111 . 1111 1111 
. 1111 1111 . 0000 0000. However, to avoid writing long 
sequences of ones and zeros, the mask can be written 
as follows: /x, where x is the number of ones in the 
mask. For example, the previous network mask can 
shortly be written: /24, and that is the standard mask for 
all Class C subspaces. Table 3 shows the standard masks 
for unicast address subspaces when the classful ad- 
dressing method is used.'9! 


Address Space Management 


Allocation and Assignment 


The Internet needs a central authority to allocate and 
assign digital identifiers and to keep a reservation rec- 
ord. Since the beginning of the network, IANA, man- 
aged by the Information Sciences Institute in California, 
has provided these services.'97] However, starting from 
March 2000, IANA became a part of Internet Corpora- 
tion for Assigned Names and Numbers (ICANN) which 
took control of allocation services on the Internet. !93! 


IANA maintains global registers for both unicast and 
multicast subspaces. However, allocation differs as fol- 
lows: 


e Unicast subspaces allocation: following the 
classless addressing approach, the process is 
provided based on a four-level hierarchical 
model shown in Figure 16:!94! 


1. IANA, residing at the top of the pyramid, pro- 
vides the allocation service for sev- 
eral Regional Internet Registries (RIRs) based 
on geographical bases and following a three 
principles policy:!°> 

a. allocates RIRs subspaces distinguished with 
prefix /8. 


b. It is committed to allocating RIRs with sub- 
spaces that satisfy their future needs for at 
least 18 months. 


Table 3 | Network masks used with classful addressing 


Mask Notation 
Class 
Dotted decimal Prefix 
A 255.0.0.0 /8 
255.255-0.0 /16 
255.255.255.0 /24 
2 
S 3 
ry internet % 
registries % 
Local internet 2 
registries g 


Clients or sub-local 
internet registries 


Figure 16 | The hierarchy of the unicast IP address allocation 
space in IPv4. 


c. It allows the RIRs to adopt their own alloca- 
tion strategies and to keep their own reser- 
vation records. 


2. RIRs, serve Local Internet Registers (LIRs), 
providing them with smaller subspaces, based 
on their needs. 


3. LIRs assign subspaces to local internet sub-regis- 
ters or directly to agents. 


4. Local internet sub-registers assign subspaces to 
agents where subnetting and VLSM are used 
to locally manage the provided subspace. 
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Note that the allocation is distinguishable from 
the assignment in this context: while the first is 
providing Internet Service Providers (ISPs) with 
IPv4 subspaces, the second is giving subspaces 
on a customer base.!! In addition to that, going 
down in the pyramid shown in Figure 16, the al- 
located/assigned subspaces will have longer pre- 
fixes and will, as a result, include a smaller num- 
ber of addresses.'**! Figure 17 shows an example 
of an allocation process that started by providing 
the American Registry for Internet Numbers 
(ARIN) with a /8 prefix and ended with the client 
assigned a /27 subspace. 


Some subspaces, usually referred to as blocks of 
addresses, are reserved addresses for spe- 
cific protocols, or for special purposes.§'97! In gen- 
eral, addresses from these subspaces should not 
be used to number hosts globally on the Internet. 
For example, 127.0.0.0/8 is reserved for 
the loopback function.!9° IANA maintains a reg- 
istry for these blocks of addresses. 99] 


e Multicast subspaces allocation: IANA is charged 
with the process of multicast subspace allocation 
and it maintains the IPv4 multicast space regis- 
try.°°! [ANA allocates and assigns blocks of mul- 
ticast addresses directly to newly developed pro- 
tocols. 202) 


Subnetting and VLSM 


Subnetting is amathematical operation used to logi- 
cally divide an IPv4 unicast address space into two or 
more smaller subspaces called subnets, it can be used 
with both classful and classless addressing. Figure 18 
shows how subnetting was being performed with the 
classful addressing approach: a new field, called Subnet 
IDentifier (SID) is created in-between NID and HID, it 
grows right to occupies one or more bits from HID, the 
number of SID bits (bsin) determines how many sub- 
nets (Nsuo) will result after performing the operation, 
the two are bonded together in the following formula: 
Neub = 22510 021[891 Qn the other hand, when the class- 
less addressing method is used, the SID is created be- 
tween the prefix and the HID following the same ap- 
proach. 9°) 


CC) 


The previous approach is called single-Level subnet- 
ting, when used, equal-volume subspaces will be cre- 
ated. If the subnetting algorithm is performed again on 
one subnet, new and smaller subspaces will be created, 
and this approach is called multi-level subnetting. 


Longer Prefixes 
TANA £22228] ARTN E22222°48! Sp 


172.1.140.192/27 


Assignment 


Client 


Allocation Allocation 


Larger spaces 


Figure 17 | Example of allocating and assignment of an IPv4 
address space according to the allocation hierarchy. 


Before {Reserved 
subnetting | __ bits Network ID rae 
After [Reserved 
subnetting |__ bits Network ID Subnet ID} Host ID 
— 
bsip buio 


Figure 18 | Subnetting concept when used with classful ad- 
dressing. 


The result of the multi-level approach will be subnets 
that have different volumes and are distinguished with 
different masks."°3! Variable Length Subnet Mask 
(VLSM) is a special type of multi-level subnetting, it is 
performed on a single classful subspace. As shown in 
Figure 19, when compared to single-level subnetting, 
VLSM allows network administrators to efficiently 
manage their assigned subspaces based on the 
need, 204] 


When creating new unicast addresses subspaces, two 
special addresses need to be considered in each subnet: 
the network and the broadcast, that is because they are 
the two extremities of the address range. The network 
address is the smallest address in the subspace and cor- 
responds to all-zero HID, it is used to represent the ad- 
dress subspace in total. The broadcast address is the 
largest address in the subspace and corresponds to all- 
ones HID, it is used as a destination address to send 
packets to all hosts numbered using the addresses from 
the corresponding subspace. Both, the network and the 
broadcast addresses, should not be used to number 
hosts./05] 
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Fragmentation and Reassembly 


The idea of connecting different networks was a core 
concept of the internet, thus, there is no surprise that 
the word internet is coined from the expression: inter- 
connected networks.°*! However, supporting different 
networks involves having different MTUs, leading to 
the question: How to transmit a data packet through a 
network, if it is greater than the MTU of that network? 
the answer is fragmentation and reassembly. 207/208) 


Single-level subnetting 
Class C subspace 


/27 Subspace | /27 Subspace 
30 Hosts 30 Hosts 


/27 Subspace 
30 Hosts 


/27 Subspace 
30 Hosts 


/27 Subspace 
30 Hosts 


/27 Subspace 
30 Hosts 


30 Hosts 30 Hosts 
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Multi-level subnetting 
Class C subspace 


/26 Subspace 


62 Hosts 


/25 Subspace 
126 Hosts 


\ | 


~— /28 Subspace 
- 14Hosts 


Figure 19 | Volumes comparison for subspaces resulted from subnetting a class C subspace. To the right: single-level subnet- 


ting, and to the left multi-level subnetting. 


Fragmentation 


When the IPv4 module receives a data packet to be sent 
to via network that is directly connected to 
the host where the module is located, it determines the 
value of the MTU associated with that network and 
compares it with the packet's length. If the packet's 
length is greater, then, the packet must be fragmented, 
each of which will become a new data packet independ- 


IPv4 supports intranet fragmentation. This means that 
fragmentation occurs not only at the packet's source 
but also at any intermediate node that processes the 
packet along the path to its destination.3° 


Note that as fragments cross the networks to their des- 
tination, they can be fragmented creating smaller data 
packets if needed.°) 


Figure 21 shows the fragmentation algorithm as de- 


IPv4 Packet (before fragmentation) 
_A__ 


, aaa — 
Header 
Data (B, 
(Brac) ( dat) 
Fragmentation 
Bead Data (B,,./4) \ 
|__| 5 
(Bhar) Z 
b> sear Data (By,./4) 
nds , IPv4 fragments 
Ee Es aes (after fragmentation) 
[>| al 
(Bhar) d 
Header 
|__| Data (By,:/4) 
(Bhar) ad 


Figure 20 | Fragmentation example: an |Pv4 packet is divided into smaller fragments. 


ent from the original packet (Figure 20).'°9! 
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scribed in the IPv4 specification, it can be briefly sum- 
marized as follows: 


1. In an |Pv4 host, the IP module receives a routed 
data packet to be sent via a network directly con- 
nected to that host. 

2. The module determines the packet's length and 
compares it with the MTU associated with the 
network via which the packet will be routed: 

a. Ifthe length is greater, then, fragmentation is 
needed, 

b. Else, the packet is to be sent, as it is, to the next 
stage of the encapsulation, and the process is 
to be ended. 

3. The DF flag in the packet is to be checked: 

a. Ifitis set, the packet is to be discarded, and the 
process is to be ended. 

b. Else, the fragmentation process starts as fol- 
lows: 

i. The payload length of fragments is deter- 
mined according to the MTU and the length 
of the IP header. 

ii. A part of the original payload, equal to the 
length determined in step (3.b.i) is sliced off 
to create the payload of a fragment. 

iii. A new |Pv4 header is to be built for the sliced 
payload as follows: 

1. Calculating the length of the fragment 
header and adding it to the IHL field. 

2. Calculating the total length of the frag- 
ment and adding it to the Total Length 
field. 

3. Determining the lifetime of the fragment 
and adding it to the TTL field. 

4. Setting the value of the Identification field 
to the same value found in the Identifica- 
tion field in the header of the original data 
packet. 

5. Calculating the fragmentation offset and 
adding it to the offset field. 

6. Determining the value of the fragmenta- 
tion flags: DF and MF and adding the val- 
ues to the Flags field. 

7. Calculating the value of the checksum and 
adding it to the Checksum field. 

8. Copying the value of the source and desti- 
nation addresses fields from the same 
fields in the header of the original data 
packet. 
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4. Generating the new IPv4 packet by encapsulat- 
ing the payload of the fragment with the built 
header. 

5. Sending the new packet to the next stage of en- 
capsulating. 

6. Determining whether the previous packet is the 
last packet by checking the value of MF: 


a. If it is set, the previous packet is the last, and 
the process is to be ended. 


b. Else, repeat starting from step (3.b). 


Reassembly 


The process of collecting fragments and using them to 
reconstruct the original data packet, as it was before 
the fragmentation, is called reassembly.7! In IPv4, re- 
assembly takes place only at the final destination of the 
packet. That is because routing for each fragment hap- 
pens independently, and it is highly possible that frag- 
ments might be routed via different paths. Thus, reas- 
sembly in a given node on the path might be impossible 
due to the lack of all fragments. 3! 


Figure 22 shows the reassembly algorithm as specified 
inthe IPv4 specification, it can be briefly summarized as 
follows: 54! 


1. Inthe final destination, the IP module receives a 
data packet from the data link layer. 

2. The IP module checks if it is a fragment from an 
original packet or not: 

a. If it is not (Offset = o & MF=o), the packet is 
sent to the next stage of processing, and the 
process is to be ended. 

b. Else, reassembly starts as follows: 
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Reception of a data Packet 


Isita 
fragment 
? 


(Offset = 0 & MF =0) 


Start rebuilding of the original packet. 


Set a waiting timer 


Extract the payload and the header 


Is it the 
first 


fragment 
? 


Yes 
Offset = 0 


Add the payload to the first place 


No 


Is it the 
Last 
fragment 
, 


Yes 


MF=0 


C) Add the payload to the last place 


No 


Calculate the relative place 


Add the payload to the relative place 


The 
original 
payload is 
complete 
? 


NO Yes 


Create the original header 


J 


Rebuild the original packet 


Anew 


Yes fragment 


From 1 


Send the packet to the next step of processing 


The timer 
expired ? 


Yes 


Flush all the stored fragments and release the memory 


Figure 22 | |Pv4 Reassembly algorithm in as specified in RFC 791. 
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i: Setting a hold timer and run it. If the timer is 
expired, reassembly is not possible, and all 
the collected fragments are to be discarded. 

ii. Determining the payload and the header in 
the received fragment 

iii. | Determining the relative position of the 
fragment in the original packet, 

1. If it was the first segment (Offset = 0), then 
it will be added to the first position of the 
packet, 

2. Else, if it is the last segment (MF = o), it will 
be added to the last section of the packet. 

3. Else, the segment is to be added to its rel- 
ative position. 

iv. Check if reassembly of the original packet 
payload is completed: 

1. If yes, the original packet header is cre- 
ated, the original packet is reconstructed 
and sent to the next stage of processing. 
The process is to be ended. 

2. Else, check for any newly received data 
packet that contains the same identifier 


value. 

a. If received, repeat starting from 
step (2.a). 

b. Else, 


iP wait until the hold timer expired, and 
periodically check for the arrival of 
data packets. 

ii. if a packet is received and the timer 
has not been expired yet, go to step 
(2.b.iv.2.b.i) 


c. If the timer expired, all collected frag- 
ments will be discarded, and the process 
is to be ended. 


Multiplexing 


Multiplexing is the ability to merge multiple protocol 
connections over a single connection, the reverse pro- 
cess is called splitting or demultiplexing (Fig- 
ure 23)./51l3°] |Pv4 provides this function using the Pro- 
tocol field in its header.'52! The field includes a value that 
specifies the following protocol in the encapsulation 
process, which may be another network layer protocol 
that performs a different function, such as Internet 
Control Message Protocol (ICMP), or atransport 
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layer protocol such as TCP or a User Datagram Protocol 
(UDP).{7I 


Source Routing 


Source routing is a routing scheme in which the source 
of the data packet specifies the routing information for 
routers that are going to process the packet, the infor- 
mation includes a set of IPv4 addresses of network 
nodes. Routed to these addresses sequentially, an IPv4 
packet can follow a route desired by its source.!*5! [Pv4 
supports two types of source routing:3*) 


e Loose Source Routing (LSR): it is called loose be- 
cause the routers are not obliged to use the infor- 
mation in the option, and can route the packet 
based on their own routing scheme if needed. '*6) 

e Strict Source Routing (SSR): the word "strict" in 
the option's name reflects its mandatory nature 
as routers are obliged to route the packet based 
on the information carried in the option. If this is 
not possible, the routers are to discard the 
packet.77) 


The implementation of the previously described source 
routing types is achieved using two |Pv4 options that 
have the same format as shown in Figure 24:'8! 


e = Type field, 8 bits long. It is set to 132 for LSR and 
to 137 for SSR. 

e Length field, 8 bits. It includes the length of the 
option in bytes. The minimum accepted value for 


this field is 4. 
m 32 os 1 now 32 1 Transport layer 
Multiplexer _ Flowof De-multiplexer | Internet layer 
data 
1 1 Data link layer 


Figure 23 | m-to-a multiplexing and 1-to-n demultiplexing for 
protocol connections at the network layer 


N 
Route data 
N 


Type Length 


Pointer 


Figure 24 | Format of the two source routing options in IPv4. 
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e Pointer field, 8 bits. It refers to the start ofanad- = Answering the address exhaustion of IPv4 followed two 
dress in the next field. The specified addressisto  strategies:!*9![2e] 
be used by the next router that is routing the 


packet. The minimum accepted value for this 1. A short-term strategy aimed to slow down the 

field is 4. speed of the exhaustion and to extend the proto- 
e Route data field, it has a variable length. This col lifetime as long as possible 

field includes a set of IPv4 addresses to be used 2. A long-term strategy, aimed to replace |Pv4, 

for routing the packet, the order of the addresses which has a limited number of addresses (around 

is to be considered because they are to be pro- 4.3 billion), with another internetwork protocol 

cessed sequentially as the packet is being for- that supports larger address space. 


warded from a router to another. 
The short-term strategy was expected to prolong the 


lifetime of IPv4 for 3-5 years,'9! Nevertheless, in prac- 


Problems tice, the lifetime extended for more than 25 years. How- 

ever, the exhaustion of the address space continued, 
This section is dedicated to addressing problems en- slowly but surely. In February 2011, |CANNissued a 
countered after IPv4 was implemented, especially press statement to report start using of the last free /8 
problems related to addressing and fragmentation. Re- _ block of the IPvg4 address space." 


garding the addressing, we are going to highlight the 
IPv4 exhaustion problem and the overlapping of ad- 
dress spaces. Concerning fragmentation, we will cover 
many related attacks and discuss the solutions. 


The two strategies were implemented in parallel, and, 
as shown in Figure 25, the result was: 


e Two emergent solutions were developed as an 

. answer to the short-term strategy: 

Related to Addressing ae 
e Network Address Translation (NAT). It is a 


Address Space Exhaustion 
P technology based on the idea that local net- 


IPv4 address exhaustion is the depletion of free ad- works can be numbered using the same ad- 
dresses in the space pool due to allocating to RIRs and dress spaces, referred to as private addresses. 
ISPs or globally assigning to hosts on the Internet. The NAT is a broad term dedicated to describing a 
1980 1990 2000 2010 
I I I I 
1 & ! aa Ra g ! io 
I 1 I 

1 6 OI 32829 iz 

iW S31 2232 08F 0 ! = Time 

I I I I 


The World 
First commercial 


RFC 1519 
CIDR proposed 


RFC 1883 IPV4 exhausted 


IPv6 Proposed IANA used last free 
/8 address block 


RFC 791 Creation of ROAD RFC 1338 RFC 1631 
IPV4 standard Routing & Addressing First description of | NAT proposed 
Group the exhaustion 
problem 


Figure 25 | IPv4 exhaustion problem timeline. 


problem was first noticed in the early 1990s, while the set of mechanisms used to change network 
Internet was rapidly expanding. Since then, solutions identifier values, such as IP addresses and port 
are being proposed and implemented. '**! numbers, in data packets that pass across a 
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Host Router + NAT 


Source IP__Destination IP 


router that connect two domains: Local and 
global.!?2! 

Before NAT is applied, it requires the router to 
be preconfigured with pairs of identifiers: one 
from the global domain and the other from the 
local domain as well as a direction, which is 
used as a condition allowing only packets that 
satisfy it to start a NAT Session. After being 
preconfigured, the router monitors the move- 
ments of the packet between the domains 
(Figure 26). If the router found a packet that 
satisfies NAT requirements, a NAT session is 
started and a pair is allocated for this packet, 
and to all packets that are moving in that con- 
nection in the two directions.%23) 
NAT can be classified based on how the pairs 
are created. If the pairs include only IP 


Server 


Private os 
oS Network 
10.0.0.1 150.150.0.1 


Source IP___Destination IP 


200.100.10.1 


| 150.150.0.1 | 200.100.10.1 [-] 


Source IP Destination IP 


10.0.0.1 | 200.100.10.1 [: 
T 
t 


bineeennneenneeenneecneee Changes according -.-_-! 
to NAT 


Source IP__ Destination IP 


[:-[ 200.100.10.1 | 10.0.0.1 [: 


| 200.100.10.1 | 150.150.0.1 | “| 


Figure 26 | Example of a NAT operation. 


addresses and either the source or the destina- 
tion address in the packet is changed, this is 
Basic NAT. If the pairs in the Basic NAT are 
fixed, it is called Static NAT, if the structure of 
the pair is of dynamic nature, it is Dynamic 
NAT. If NAT includes port numbers, as well as 
IP addresses, it is called Network Address Port 
translation (NAPT). Other types of NAT also 
exist including Bidirectional NAT which allows 
the NAT sessions to be started by packets 
moving in two directions between the do- 
mains, and Twice NAT Which allows the source 
and destination IP addresses to be changed at 
the same time. 4 

NAT was developed in 1994 and was first de- 
scribed in RFC 1631.75! Then, a new standard 
was issued in 2001 including several new fea- 
tures such as Port address translation (PAT) 
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that theoretically enables up to 65,000 local 
hosts, addressed with private addresses, to ac- 
cess the internet using a single public IP ad- 
dress and different port numbers. 75 


Classless addressing approach as a part of a 
new routing method called Classless Inter-Do- 
main Routing (CIDR).'7! As discussed above, 
classless addressing is a method to create ad- 
dress subspaces compatible with internet to- 
pology and following a hierarchical perspec- 
tive.225! On the other hand, CIDR is a routing 
method based on classless addressing. Be- 
cause addresses are compatible with Internet 
topology, hosts that are located on the same 
site, share a part of their prefixes can be used 
to define a route destination. Based on this, 
routers can perform a mathematical operation 
to represent the previous set of routes, called 
now the aggregated routes, using an alternate 
single route called the aggregate route. Aggre- 
gated routes can be several, tens of thousands 
of routes, and can be more based on how the 
addressing was being done and onthe position 
of the router that performs the aggregation in 
the global routing system. The previous oper- 
ation is called route aggregation or route sum- 
marization, it resulted in the router keeping 
only the aggregate routes in its routing table 
and advertising them on the network (Fig- 
ure 27) reducing the amount of routing infor- 
mation to be exchanged among routers and 
creating smaller and more efficient routing ta- 
bles, 2291 

CIDR was first described in 1992 as an "Address 
Assignment and Aggregation  Strat- 
egy",'3°l then, in the next year, two requests 
for comments were issued to cover the ad- 
dressing structure®3" and the routing mecha- 
nism"771 separately. Finally, in 2006, a Best 
Current Practice (BCP) was issued to summa- 
rize the technology and report the CIDR's ef- 
fect on the global routing state .!"37! 


A new internetwork protocol in accordance 
with the long-term strategy, it is Internet Pro- 
tocol version 6 (IPv6).'4!"33] The new protocol 
provides 128-bits addresses and defines a 


space that includes 2778 (3.4x1038) ad- 
dresses."341 The IPv6 design included default 
support for many technologies that were 
added to IPv4 such as route aggregation, link- 
local addressing, as well as supporting new 
technologies such as StateLess Address Auto- 
Configuration (SLAAC)®35! and a new type of 
addressing called anycast allowing a single IP 
address to be shared by devices, usually serv- 
ers, located in multiple locations. When a data 
packet is destined to an anycast address, it will 
be routed to the closest device.'3*! block of the 
IPv4 address space.272The transition toward 
IPv6 begun in the last years of the 20" century, 
but it went slower than expected, as short- 
term solutions proved to be midterm.8! Thus, 
there is a need to support the two protocols at 
the same time, prompting the developers to 
design technologies such as the dual-stack. 237! 
IPv6 was documented in 1995. Un- 
der RFC 1883.'*41 Two years later, several mi- 
nor modifications were included and a new re- 
quest for comments was __ issued 
(RFC 2460).25! This RFC was the official docu- 
mentation for IPv6 for almost twenty years, 
until 2017, when RFC 8200 was published to 
adopts amendments for this protocol, based 
on features that were separately added in the 
previous two decades.!?6! 


Route Advertisement << 


Rest of 
the network 


Port Network 


ey 200.10.0.0/17 
e2 200.10.128.0/17 


Figure 27 | An example of route aggregation as a part of CIDR. 
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IP Address Spaces Overlap 


Internet subspaces overlapped when there is a set of ad- 
dresses shared between two or more spaces, this occurs 
because of improper use of VLSM or route aggregation. 
As aresult, two hosts might end with the same address, 
but each had a different mask, which will be leading to 
a routing problem. "38! 


The solution lies with precise designing of the network 
and careful configuration of the routers, thus, sub- 
spaces will be completely separated."9! Figure 28 
shows an example where VLSM is used to create an ad- 
dressing a 4-level hierarchy. In this example, the ad- 
dress subspaces 200.100.10.0/26 (green) in the third 
level overlaps with 200.100.10.0/27 (red) in the fourth 
level. Thus, the two subspaces should never be used to 
number hosts at the same time. 


€1 200.10.0.0/19 

200.10.32.0/19 
200.10.64.0/19 
200.10.96.0/19 


200.10.128.0/19 
200.10.160.0/19 
200.10.192.0/19 
200.10.224.0/19 
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200.100.10.0/24 


pe ee 


200.100.10.128/25 


Ae 


200.100.10.64/26 | 200.100.10.128/26 200.100.10.192/26 


sa 


| 200.100-10.192/27 200.100.10.224/27 | 


0 256 
0 256 
r x 200.100.10.0/25 
= aa 
0 256 
eT 200.100.10.0/26 
64 128 192 oe, 
Caper? 8 200.100.10.0/27 | 200.100.10.32/27 
32. 64 128 192 224 oe 
0 256 
c 1 T T T T 7 200.100.10.32/28 200.100.10.48/28 
32 48 64 128 192 


Figure 28 | Example for an IP address space overlapping. 


Host mobility 


When |IPv4 was developed, host mobility was not con- 
sidered. Thus, when wireless communication become 
popular in the late 1990s, a problem related to address- 
ing was present: An IPv4 host shares a prefix with 
nearby local hosts and gateway routers, and the routing 
mechanism is based on this shared prefix. when moving 
to a new position where another network is used, phys- 
ically and logically, the host needs to obtain a new IP 
address from the new network and share a new prefix 
with the novel nearby neighbors. When this is done, the 
routes to reach the host are completely changed, new 
routes need to be established and all previous connec- 
tions will be failed. "4°! 


Several solutions were proposed to overcome this prob- 
lem!42!, including Mobile Internet Protocol (MIP) which 
was first proposed in 1996 in RFC 2002.!47] When MIP is 
implemented, the mobile host is given a long-term IP 
address in a network called the home network, addi- 
tionally, it activates the home agent, a router on the 
mobile host used to route data packets to the home ad- 
dress when the host is away from his home networks. In 
the networks that support MIP, a router called the for- 
eign agent is to be activated. When the mobile node vis- 
its an away network, it needs to register its home agent 
with the foreign agent of that network to obtain routing 
service and be integrated with the routing system of 
that away network. !43! 
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Related to Fragmentation 


Supporting fragmentation is a basic service to be pro- 
vided by all IPv4 implementation."4*! Some attackers 
took advantage of this mandatory designing and 
launching several fragmentation-based attacks on data 
networks. In the following, we discuss a set of these at- 
tacks and how to handle them: 


e = Tiny Fragment Attack: it is based on the fact that 
the smallest data packet supported by any IPv4 
module has 68 bytes: a header with the maxi- 
mum allowed length (60 bytes) and 8 bytes of 
payload. This length is not sufficient to include a 
transport protocol header in the packet, thus, it 
passes through firewalls without being verified 
because the firewall usually checks the port num- 
bers at the transport protocol header. This prob- 
lem is defined in RFC 1858.45! The solution was 
introduced in RFC 3128 recommending to reject 
all data packets that have offset field value set to 
0 or 1,246] 

e Overlap segments attack: It depends on a vulner- 
ability in the reassembly algorithm: any subse- 
quent segment can, partially or completely, 
overlap with another previous segment. This 
means that the first fragment, which contains 
the headers, can pass through the firewall with 
correct values, then, its content can be manipu- 
lated using another subsequent fragment. This 
attack can be countered by updating the reas- 
sembly algorithm to prevent overwriting data re- 
ceived previously.47! 


e Address Resolution Protocol (ARP) flooding: 
ARP provides the link-layer address associated 
with a known IP address for a remote host. When 
a data packet is fragmented, instead of sending 
an ARP request once per the original packet, it is 
to be sent for every fragment creating an ARP 
flooding which can be used as Denial-of-service 
(DOS) attack.481To prevent this, it is recom- 
mended to set a limit for the maximum number 
of ARP request to be sent per destination, for ex- 
ample, an ARP request every second per destina- 
tions! 


Auxiliary Protocols 


Address Resolution Protocols Family 


Matching addresses used in the network layer with 
those used in the data link layer, and vice versa, is a 
function needed in the network protocol stack. It is pro- 
vided by a family of network protocols called Address 
resolution protocols."5°! Examples of members of this 
family, used with IPvq4, are the following: 


e Address Resolution Protocol (ARP): it is used to 
discover the link address associated with a 
known IP address of a remote host, and this 
matching is essential to create the IP packet. The 
protocol was developed in 1982 and described 
in RFC 826.454 

e Inverse Address Resolution Protocol (InARP): it 
does the opposite of what ARP does, i.e., it is 
used to discover an IP address associated with a 
known link address of a remote host. The proto- 
col was created in 1992 and it is specified 
in RFC 1293.52! 

e Reverse Address Resolution Protocol (RARP): it 
is used to discover an IP address associated with 
a known link address in the same host that runs 
the protool. The protocol was developed in 1984 
and described in RFC 903.53! 
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Internet Control Message Protocol 


Internet Control Message Protocol (ICMP) is a network- 
layer protocol and an integrated part of IPv4. The pro- 
tocol is used to provide a packet's source and destina- 
tion with a mechanism to communicate to exchange 
different pieces of information about the network sta- 
tus or packet processing. ICMP was developed in 1981 
and it is described in RFC 792.54 


The original standard defines 11 messages: redirect, 
destination unreachable, quench, time exceeded, pa- 
rameter problem, echo and its reply which were used 
later to create the ping tool, timestamp and its reply, 
and Information request message and its re- 
ply."55! Later, to respond to the needs of new protocols, 
several RFCs defined additional messages. For exam- 
ple, when the subnetting process was standardized, a 
couple of messages was created to address the new 
technology's needs: Address mask request and its re- 
ply.“5° On the other hand, several messages were ob- 
soleted, due to the emergence of technologies that ef- 
ficiently provide their services. For example, infor- 
mation request message, address mask request and 
their replies were obsoleted because of the develop- 
ment of DHCP. [57] 


An IPv6-compatible version of the protocol was created 
in 1995, it is called Internet Control Protocol for the In- 
ternet Protocol version 6 (ICMPv6), it was primarily de- 
scribed in RFC 1885.5° 


Internet Group Management Protocol 


Internet Group Management Protocol (IGMP) is 
a network-layer protocol that manages IPv4 multicast 
groups. It defines how hosts automatically join and 
leaves groups. In addition, the protocol does not add re- 
strictions on the number of group members nor on their 
locations, and it also allows a host to join more than one 
group at the same time.59! 


The IETF have developed three versions of IGMP: 
1. IGMPv1, developed in 1989 and described 


in RFC 1112, it covers the basic function of mul- 
ticast group management such as membership"°°! 


2. IGMPv2, developed in 1997 and described 
in RFC 2236. It includes several features and en- 
hancement to IGMPva, such as allowing a host to 
request leaving a specific groupe." 

3. IGMPv3, which is the current version of the proto- 
col. It was developed in 2002 and described 
in RFC 3376.26) IGMPv3 is compatible back with 
old versions of the protocol, however, it supports 
many additional features such as Source-specific 
multicast which allows group's members to decide 
the whether to accept multicast traffic or not based 
on the source of the traffic. 2%! 


Internet Protocol Security 


Internet Protocol Security (IPSec) is a protocol suite 
used to provide privacy services and authentication for 
other protocols active in the network layer. IPSec is 
used to secure connections between gateways (gate- 
way-to-gateway), between host and gateway (host-to- 
gateway) or between hosts (host-to-host). It is used not 
only by IPv4 but also by IPv6 and other internetwork- 
ing protocols. 2! 


IPSec is anopen standard that covers three types of 
protocols:!'°5] Authentication Headers (AH), which is 
used to ensure data integrity,“°°! Encapsulating Secu- 
rity Payload (ESP), used to provide data confidential- 
ity,67! and Security Association (SA) which defines the 
rules of secure communication in the Internet environ- 
ment such as how to use cryptographic keys."©2! 


IP Security Working Group was established as a part of 
the Internet Engineering Task Force in 1993 to unify the 
efforts made by multiple research institutions, mainly 
the United stated Naval Research Laboratory (USNRL), 
and to set a standard for security services provided in 
the network layer."°°! This group had published three 
Requests for Comments in 1995, #7°!27272] and that was 
but an introduction for dozens of RFCs and standards in 
the following years/3! until 2005 when it was obso- 
leted.6s1 
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Application 


In local area networks 


IPv4 is the dominant internetworking protocol in Local 
area Networks (LANs). Each LAN will use IPv4 address 
space, commonly referred to as a network, and every 
node connected to the physical network needs to be 
configured with a valid and unique local IP address from 
that address space as well as a network mask that helps 
the node recognize the network and the host part of the 
given address. Additionally, itis essential for every node 
to be configured with the gateway IP address. It is the 
router address on that local network.!74! If the node 
needs to connect with nodes on other networks it needs 
to send packets to the gateway address. 


There are two key protocols used in LANs along with 
IPv4: Dynamic host configuration protocol (DHCP)"4*! 
and Address resolution protocol (ARP).'5 DHCP. is 
used for dynamic host configuration, a client/server 
mechanism that allows a network node to dynamically 
obtain an IPv4 address, a network mask, gateway ad- 
dresses, and other information without any manual 
configuration except for enabling the mechanism. |75! 
There are also autoconfiguration mechanisms for pri- 
vate IP addresses, usually refers as Automatic Private IP 
Addressing (APIPA)"7°!, these mechanisms were origi- 
nally developed by Microsoft and Apple, but an open 
standard was released by IETF in 2005, it is described 
in RFC 3927.47] 


Regarding ARP, it allows the nodes to discover the link- 
layer addresses for other nodes in the same broadcast 
domain. If anode needs to send a packet to an adjacent 
node, it knows its IPv4 address and not the link address 
which is needed to fill the link layer header. This is im- 
portant to L2 devices, such as switches that rely on the 
link-layer addresses, so they can send data frames cor- 
rectly to their destination. ARP uses broadcast mes- 
sages asking any nodes in the broadcast domain to re- 
ply if it has the corresponding IPv4 address. When the 
node reply, ARP can learn the physical address of the 
node. "78 


Other network services, such as Domain Name System 
(DNS), are based on IP or heavily rely on it. DNS is a cli- 
ent/server mechanism that provides name-to-address 
conversations and vice versa. IPv4 addresses consist of 


a sequence of numbers that can easily be mistyped or 
forgotten.!72! When DNS is used, each IP address is as- 
sociated with a name that is easy to remember by hu- 
mans. When a user needs to send data or connect to an 
IP address, it can use the name instead of the ad- 
dress. [2801 


In Internet 


Internet is abbreviated from Internetwork meaning In- 
terconnected Networks,"*! and all these networks are 
to be addressed using Internet protocol. Based on 
google statistics, until 2010, more than 99% of hosts on 
the Internet were using IPv4 natively. The percentage 
decreased significantly in the last decade as the IPv4 ad- 
dress space was exhausted (Figure 29), meanwhile the 
Internet continues growing thanks to IPv6. In 2022, al- 
most 40% of hosts connected to the Internet use IPv6 
natively.°! For IPv4 hosts to connect to the internet, 
they need to use the public addresses assigned 
by IANA, RIR, or local ISPs.8! Using NAPT, which is a 
form of NAT, is another common possibility in Small 
Office/Home Office (SOHO) networks. 


Inside realm 


10.1.1,1: 1024 


10.1.1.2: 1024 
10.1.1.3: 1033 
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Figure 29 | IPv6 adoption on the Internet (2011-2022). 


In this scenario (Figure 30), the site is assigned a public 
IPv4 address (200.100.10.1) and all hosts in the local 
network (the inside realm) are addressed using private 
addresses (10.0.0.0/8). NAPT takes place at the router 
that connects the network to the internet (outside 
realm) where each connection is assigned a unique port 


number, thus, a socket (IPv4, port number) can be now 
used to distinguish each connection. 


Although the global routing system is entirely based on 
IP addressing following strictly the CIDR mechanism, 
IPv4 does not play any role in the routing process which 
is left to the routing protocols."*! In 2022, more than 
900.000 routes were advertised on the internet, "°3! and 
more than 330.000 routes were addressed using 
IPvg.284] 
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Figure 30 | PNAT ina SOHO. 
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The web is an information system reachable via the In- 
ternet, the access process is completely based on IP ad- 
dressing. Users do not deal with IP addresses, but 
names instead, because the DNS service, as discussed 
in detail above, is supported by Web browsers. Brows- 
ing, using names instead of IP addresses, is an example 
of DNS use. In this case, the browser is a client that so- 
licits a DNS server to get the IP address of the typed 
site 285! 


Notes 


a. For TCP, refer to RFC 793 2! 

b. The counting of the versions started from zero, i.e., 
the first version has the version number set to o. 

c. Number 3 was not used as indexes for IP versions in 
IENs. 

d. Usually referred to as a network. However, in this 
paper, we use the word subspace to avoid ambigu- 
ity. 

e. In the original protocol standard reserved bits was 
part of network identifiers," but they were always 
excluded from the mathematical calculations re- 
lated to the identifiers and treated as a separate 
part of the IPv4 address. !®3] 

f. Adistinction must be made between the number of 
addresses in a subspace, calculated using 2°xin, and 
the number of addresses available for numbering 
hosts, which is calculated using 2°xip - 2, where the 
two subtracted addresses are the network address 
and the broadcast addresses, which are served in 
every subspace and must not be used to numbering 
hosts. 

g. Refer to RFC 1878 for all possible masks when the 
classless addressing method is used. 3! 
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